Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-147
Vulnerability from certfr_avis - Published: 2015-04-13 - Updated: 2015-04-13
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple iOS versions ant\u00e9rieures \u00e0 8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple TV versions ant\u00e9rieures \u00e0 7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Xcode versions ant\u00e9rieures \u00e0 6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-1076",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1076"
},
{
"name": "CVE-2015-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1126"
},
{
"name": "CVE-2015-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1073"
},
{
"name": "CVE-2015-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1095"
},
{
"name": "CVE-2015-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1098"
},
{
"name": "CVE-2015-1125",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1125"
},
{
"name": "CVE-2015-1115",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1115"
},
{
"name": "CVE-2015-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1084"
},
{
"name": "CVE-2015-1092",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1092"
},
{
"name": "CVE-2015-1107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1107"
},
{
"name": "CVE-2015-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1122"
},
{
"name": "CVE-2015-1117",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1117"
},
{
"name": "CVE-2015-1078",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1078"
},
{
"name": "CVE-2015-1096",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1096"
},
{
"name": "CVE-2015-1104",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1104"
},
{
"name": "CVE-2015-1105",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1105"
},
{
"name": "CVE-2015-1103",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1103"
},
{
"name": "CVE-2015-1106",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1106"
},
{
"name": "CVE-2015-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1074"
},
{
"name": "CVE-2015-1070",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1070"
},
{
"name": "CVE-2015-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1113"
},
{
"name": "CVE-2015-1077",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1077"
},
{
"name": "CVE-2015-1093",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1093"
},
{
"name": "CVE-2015-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1102"
},
{
"name": "CVE-2015-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1118"
},
{
"name": "CVE-2015-1085",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1085"
},
{
"name": "CVE-2015-1081",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1081"
},
{
"name": "CVE-2015-1079",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1079"
},
{
"name": "CVE-2015-1091",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1091"
},
{
"name": "CVE-2015-1068",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1068"
},
{
"name": "CVE-2015-1120",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1120"
},
{
"name": "CVE-2015-1082",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1082"
},
{
"name": "CVE-2015-1100",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1100"
},
{
"name": "CVE-2015-1097",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1097"
},
{
"name": "CVE-2015-1087",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1087"
},
{
"name": "CVE-2015-1088",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1088"
},
{
"name": "CVE-2015-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1094"
},
{
"name": "CVE-2015-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1071"
},
{
"name": "CVE-2015-1099",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1099"
},
{
"name": "CVE-2015-1072",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1072"
},
{
"name": "CVE-2015-1101",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1101"
},
{
"name": "CVE-2015-1090",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1090"
},
{
"name": "CVE-2015-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1089"
},
{
"name": "CVE-2015-1080",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1080"
},
{
"name": "CVE-2015-1112",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1112"
},
{
"name": "CVE-2015-1119",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1119"
},
{
"name": "CVE-2015-1110",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1110"
},
{
"name": "CVE-2015-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1111"
},
{
"name": "CVE-2015-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1124"
},
{
"name": "CVE-2015-1086",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1086"
},
{
"name": "CVE-2015-1121",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1121"
},
{
"name": "CVE-2015-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1108"
},
{
"name": "CVE-2015-1123",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1123"
},
{
"name": "CVE-2015-1149",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1149"
},
{
"name": "CVE-2015-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1116"
},
{
"name": "CVE-2015-1083",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1083"
},
{
"name": "CVE-2015-1109",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1109"
},
{
"name": "CVE-2015-1114",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1114"
},
{
"name": "CVE-2015-1069",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1069"
}
],
"initial_release_date": "2015-04-13T00:00:00",
"last_revision_date": "2015-04-13T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-147",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT204662 du 08 avril 2015",
"url": "https://support.apple.com/en-us/HT204662"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT204661 du 08 avril 2015",
"url": "https://support.apple.com/en-us/HT204661"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT204663 du 08 avril 2015",
"url": "https://support.apple.com/en-us/HT204663"
}
]
}
CVE-2015-1109 (GCVE-0-2015-1109)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
Summary
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securitytracker.com/id/1032050 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/73978 | vdb-entryx_refsource_BID |
| https://support.apple.com/HT204661 | x_refsource_CONFIRM |
Date Public
2015-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73978"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1109",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1110 (GCVE-0-2015-1110)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
Summary
The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securityfocus.com/bid/73983 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1032050 | vdb-entryx_refsource_SECTRACK |
| https://support.apple.com/HT204662 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://support.apple.com/HT204661 | x_refsource_CONFIRM |
Date Public
2015-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "73983",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73983"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "73983",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73983"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "73983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73983"
},
{
"name": "1032050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "https://support.apple.com/HT204662",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1110",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1111 (GCVE-0-2015-1111)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
Summary
Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securitytracker.com/id/1032050 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/73978 | vdb-entryx_refsource_BID |
| https://support.apple.com/HT204661 | x_refsource_CONFIRM |
Date Public
2015-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73978"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1111",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1112 (GCVE-0-2015-1112)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
Summary
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT204658 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securitytracker.com/id/1032047 | vdb-entryx_refsource_SECTRACK |
| https://support.apple.com/HT204661 | x_refsource_CONFIRM |
Date Public
2015-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204658"
},
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "APPLE-SA-2015-04-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
},
{
"name": "1032047",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032047"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-13T14:57:00.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204658"
},
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "APPLE-SA-2015-04-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
},
{
"name": "1032047",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032047"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204658",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204658"
},
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "APPLE-SA-2015-04-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
},
{
"name": "1032047",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032047"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1112",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1113 (GCVE-0-2015-1113)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
Summary
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securitytracker.com/id/1032050 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/73978 | vdb-entryx_refsource_BID |
| https://support.apple.com/HT204661 | x_refsource_CONFIRM |
Date Public
2015-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73978"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1113",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1114 (GCVE-0-2015-1114)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
Summary
The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securityfocus.com/bid/73983 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1032050 | vdb-entryx_refsource_SECTRACK |
| https://support.apple.com/HT204662 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://support.apple.com/HT204661 | x_refsource_CONFIRM |
Date Public
2015-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "73983",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73983"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "73983",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73983"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "73983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73983"
},
{
"name": "1032050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "https://support.apple.com/HT204662",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1114",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1115 (GCVE-0-2015-1115)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
Summary
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securitytracker.com/id/1032050 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/73978 | vdb-entryx_refsource_BID |
| https://support.apple.com/HT204661 | x_refsource_CONFIRM |
Date Public
2015-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73978"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1115",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1116 (GCVE-0-2015-1116)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
Summary
The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securitytracker.com/id/1032050 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/73978 | vdb-entryx_refsource_BID |
| https://support.apple.com/HT204661 | x_refsource_CONFIRM |
Date Public
2015-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73978"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1116",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1117 (GCVE-0-2015-1117)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
Summary
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT204659 | x_refsource_CONFIRM |
| https://support.apple.com/kb/HT204870 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securitytracker.com/id/1032048 | vdb-entryx_refsource_SECTRACK |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://support.apple.com/HT204662 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://support.apple.com/HT204661 | x_refsource_CONFIRM |
Date Public
2015-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT204870"
},
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032048",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032048"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT204870"
},
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032048",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032048"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "https://support.apple.com/kb/HT204870",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT204870"
},
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032048",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032048"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "https://support.apple.com/HT204662",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1117",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1118 (GCVE-0-2015-1118)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
Summary
libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://support.apple.com/HT204659 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| http://www.securitytracker.com/id/1032048 | vdb-entryx_refsource_SECTRACK |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://support.apple.com/HT204662 | x_refsource_CONFIRM |
| http://lists.apple.com/archives/security-announce… | vendor-advisoryx_refsource_APPLE |
| https://support.apple.com/HT204661 | x_refsource_CONFIRM |
Date Public
2015-04-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032048",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032048"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-13T14:57:00.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"name": "APPLE-SA-2015-04-08-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032048",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032048"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032048",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032048"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "https://support.apple.com/HT204662",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204662"
},
{
"name": "APPLE-SA-2015-04-08-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1118",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…